
What we're looking to do is be able to communicate with an existing HTTPS/TLS 1.2 service (outside of swarm) from our service deployed within swarm. The service running inside swarm has been migrated from running within a JBoss instance which handled the TLS 1.2 connection/cert. My goal would be not to modify the code within the service (currently using a standard spring RestTemplate) to specifically load the cert, but to externalize/proxy the TLS 1.2 connection within swarm somehow. What options would be available to do something like this? Any suggestions?

Mostly any posts I've looked up/found deal with applying TLS to the services within docker/swarm from an external source, or modifying the spring RestTemplate to load the cert for making external calls. We have a lot of services to migrate so I'm hoping there's a more generic way to approach this. Thanks

byte-crunch
  • You should post a code example of how the `RestTemplate` is currently used... Otherwise it would be kinda hard to know what "no to modify" actually means. ;) – user268396 Aug 27 '18 at 20:34

1 Answer

Would a proxy service in front of your Spring app work that does all the needed certs and protocol work for you, then sends HTTP connections back to your app on an overlay network? They would all be on the same Swarm.

There are several good reverse proxies that are "Docker Swarm API aware" including Traefik and Docker Flow Proxy. I demo'ed a simple setup of putting Traefik in front of many services on a single Swarm at DockerCon 2018, and using Let's Encrypt to get HTTPS certs and act as the connection point for multiple inbound DNS URLs, all of which are redirected to the proper Swarm VIP based on the proxy listening for Swarm events. The sample repo is here.

Bret Fisher
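The answer above describes a proxy terminating TLS for inbound traffic; the same idea applied to the outbound leg the question asks about is a small TLS-originating relay that the app reaches over plain TCP on the overlay network. This is an added example, not code from the question, the answer, or any project they mention; the host name, ports, and function names are assumptions.

```python
import asyncio
import ssl

# Assumed values for illustration; none of these come from the original post.
UPSTREAM_HOST = "api.example.com"  # placeholder for the external HTTPS/TLS 1.2 service
UPSTREAM_PORT = 443
LISTEN_PORT = 8080                 # plaintext port, publish it only on the overlay network

def build_upstream_context(client_cert=None, client_key=None, ca_file=None):
    """TLS context for the outbound leg: TLS 1.2+, server cert and hostname verified."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if client_cert:  # only needed when the external service requires mutual TLS
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx

async def pipe(reader, writer):
    """Copy bytes one way until EOF or error, then close the write side."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    except (ConnectionError, ssl.SSLError):
        pass
    finally:
        writer.close()

async def handle(client_reader, client_writer, ctx):
    """Accept a plaintext connection from the app and relay it over TLS upstream."""
    try:
        up_reader, up_writer = await asyncio.open_connection(
            UPSTREAM_HOST, UPSTREAM_PORT, ssl=ctx, server_hostname=UPSTREAM_HOST)
    except (OSError, ssl.SSLError):
        client_writer.close()  # fail closed: never fall back to a plaintext upstream
        return
    await asyncio.gather(pipe(client_reader, up_writer), pipe(up_reader, client_writer))

async def main():
    ctx = build_upstream_context()
    server = await asyncio.start_server(lambda r, w: handle(r, w, ctx), "0.0.0.0", LISTEN_PORT)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

Because this relay works at the TCP level it does not rewrite the HTTP `Host` header, so an upstream that routes on `Host` needs an HTTP-aware proxy instead. The hop between the app and the relay is plaintext, so the overlay network carrying it should be created with `--opt encrypted`.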